Smart Grid News

NIST overhauls its smart grid cyber security strategy

SUBNET Solutions Inc | Wednesday, July 20, 2011

The ongoing efforts by the U.S. government to modernize - and protect - critical infrastructures in the U.S. has been met with criticism by many industry experts. According to a published report, one agency is overhauling its own recommended strategy for smart grid security protocols.

According to a report from Fierce Government IT, the National Institute of Standards and Technology (NIST), which is one such agency that oversees the efficacy of cyber security measures for the smart grid, is making changes to its Special Publication 800-53. The technical handbook effectively serves as a guide for utilities in the U.S.

The news provider reports that privacy controls will become an explicit component of the agency's cyber security recommendations when it issues an appendix to 800-53. The appendix will highlight a number of areas where utilities can improve critical infrastructure protections (CIP), including in the automation and recognition of certain systems and services.

The publication will also feature a new guide for recommended security controls under the Federal Information Security Management Act. NIST released a portion of the new privacy catalog this month, affirming that "due to the special nature of the material," it is seeking comments before it releases its final version in December.

The addition to its own cyber security rules is needed, according to NIST officials, because of the increasing use of cloud computing, the smart grid and mobile computing. As the agency moves to protect customer data from the increasing threat of cyber security infiltrations, it is working to overhaul its current regulations and incentivize utilities and other businesses to adopt the measures as quickly as possible.

With the amount of customers' personal information available through an ever-growing number of ways, there is a real and significant need to address the vulnerabilities in the cyber security networks of businesses and organizations that collect a large amount of data on their customers. Utilities fall into such categories, according to industry analysts.

"Strong normalized privacy controls are an essential component in the ongoing effort to build measurable privacy compliance," NIST senior internet policy adviser Ari Schwartz said in a statement. "Certainty in controls and measures can help promote privacy, trust and greater confidence in new standards."